1 Applications

R. J. Hulsebosch, A. H. Salden, M. S. Bargh, P. W. G. Ebben, J. Reitsma

June 2005 Proceedings of the tenth ACM symposium on Access control models and technologies
Publisher: ACM Press

We investigate the practical feasibility of using context information for controlling access 
to services. Based solely on situational context, we show that users can be transparently 
provided anonymous access to services and that service providers can still impose various 
security levels. Thereto, we propose context-sensitive verification methods that allow 
checking the user's claimed authenticity in various ways and to various degrees. More 
precisely, conventional information management approac ... 

Keywords: access control, authentication, context sensitive, context verification, service 
usage patterns 



Cryptobased identifiers (CBIDs): Concepts and applications 
Gabriel Montenegro, Claude Castelluccia 

February 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 Issue 1

Publisher: ACM Press

This paper addresses the identifier ownership problem. It does so by using characteristics 
of Statistical Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which 
this document calls SUCV Identifiers and Addresses, or, alternatively, Crypto-based 
Identifiers. Their characteristics allow them to severely limit certain classes of denial-of- 
service attacks and hijacking attacks. SUCV addresses are particularly applicable to solve 
the address ownership problem that hinders mechani ... 

Keywords: Security, address ownership, authorization, group management, mobile IPv6, 
opportunistic encryption 
Authentication in distributed systems: theory and practice

Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber 

November 1992 ACM Transactions on Computer Systems (TOCS), volume 10 issue 4

Publisher: ACM Press

We describe a theory of authentication and a system that implements it. Our theory is 
based on the notion of principal and a "speaks for" relation between principals. A simple 
principal either has a name or is a communication channel; a compound principal can 
express an adopted role or delegated authority. The theory shows how to reason about a 
principal's authority by deducing the other principals that it can speak for; authenticating 
a channel is one important application. We ... 

Keywords: certification authority, delegation, group, interprocess communication, key 
distribution, loading programs, path name, principal, role, secure channel, speaks for, 
trusted computing base 
Albert Levi, M. Ufuk Caglayan, Cetin K. Koc

February 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 Issue 1

Publisher: ACM Press

Certification is a common mechanism for authentic public key distribution. In order to 
obtain a public key, verifiers need to extract a certificate path from a network of 
certificates, which is called public key infrastructure (PKI), and verify the certificates on 
this path recursively. This is classical methodology. Nested certification is a novel 
methodology for efficient certificate path verification. Basic idea is to issue special 
certificates (called nested certificates) for other certifica ... 

Keywords: Digital certificates, key management, nested certificates, public key 
infrastructure 
October 2003 Proceedings of the 2003 ACM workshop on Digital rights management
Publisher: ACM Press

In this paper we examine how copyright protection of digital items can be securely 
managed in a 3G mobile phone and other devices. First, the basic concepts, strategies, 
and requirements for digital rights management are reviewed. Next, a framework for 
protecting digital content in the embedded environment of a mobile phone is proposed 
and the elements in this system are defined. The means to enforce security in this system 
are described and a novel "Family Domain" approach to content management ... 

Keywords: MPEG-21, copyright protection, cryptography, digital content, digital rights 
management, embedded system, key management, mobile phone, open mobile alliance, 
security 
September 1991 ACM SIGOPS Operating Systems Review, Proceedings of the thirteenth ACM symposium on Operating systems principles SOSP '91, Volume 25 Issue 5

Publisher: ACM Press

We describe a theory of authentication and a system that implements it. Our theory is 
based on the notion of principal and a "speaks for" relation between principals. A simple 
principal either has a name or is a communication channel; a compound principal can 
express an adopted role or delegation of authority. The theory explains how to reason 
about a principal's authority by deducing the other principals that it can speak for; 
authenticating a channel is one important application. We use the th ... 
framework in e-commerce environment

Richard Au, Harikrishna Vasanta, Kim-Kwang Raymond Choo, Mark Looi 

March 2004 Proceedings of the 6th international conference on Electronic commerce ICEC '04
Publisher: ACM Press

A novel user-centric authorisation framework suitable for e-commerce in an open 
environment is proposed. The credential-based approach allows a user to gain access 
rights anonymously from various service providers who may not have pre-existing 
relationships. Trust establishment is achieved by making use of referrals from external 
third parties in the form of Anonymous Attribute Certificates. The concepts of One-task 
Authorisation Key and Binding Signature are proposed to fac ... 

SPVise^ 

Yih-Chun Hu, Adrian Perrig, Marvin Sirbu 

August 2004 ACM SIGCOMM Computer Communication Review, Proceedings of the 
2004 conference on Applications, technologies, architectures, and 
protocols for computer communications SIGCOMM '04, volume 34 issue 4 

Publisher: ACM Press 


As our economy and critical infrastructure increasingly relies on the Internet, the 
insecurity of the underlying border gateway routing protocol (BGP) stands out as the 
Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of 
BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment
path to secure BGP. We analyze security requirements, and consider tradeoffs of 
mechanisms that achieve the requirements. In particular, we study how to se ... 

Keywords: BGP, Border Gateway Protocol, interdomain routing, routing, security 



9 Formal prototyping in early stages of protocol design
Alwyn Goodloe, Carl A. Gunter, Mark-Oliver Stehr

January 2005 Proceedings of the 2005 workshop on Issues in the theory of security
Publisher: ACM Press

Network protocol design is usually an informal process where debugging is based on 
successive iterations of a prototype implementation. The feedback provided by a 
prototype can be indispensable since the requirements are often incomplete at the start.
A drawback of this technique is that errors in protocols can be notoriously difficult to
detect by testing alone. Applying formal methods such as theorem proving can greatly 
increase one's confidence that the protocol is correct. However, formal m ... 

10 Public-key support for group collaboration
Carl Ellison, Steve Dohrmann

November 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 4

Publisher: ACM Press

This paper characterizes the security of group collaboration as being a product not merely 
of cryptographic algorithms and coding practices, but also of the man-machine process of 
group creation. We show that traditional security mechanisms do not properly address the 
needs of a secured collaboration and present a research prototype, called NGC (next 
generation collaboration), that was designed to meet those needs. NGC distinguishes 
itself in the care with which the man-machine process was analy ... 

Keywords: Human-computer interface, IPsec, PGP, PKI, S/MIME, SDSI, SPKI, SSH 



11 AstfBJafegLA^ 

management, and data mining 
Robbert Van Renesse, Kenneth P. Birman, Werner Vogels

May 2003 ACM Transactions on Computer Systems (TOCS), Volume 21 issue 2 

Publisher: ACM Press 


Scalable management and self-organizational capabilities are emerging as central 
requirements for a generation of large-scale, highly dynamic, distributed applications. We 
have developed an entirely new distributed information management system called 
Astrolabe. Astrolabe collects large-scale system state, permitting rapid updates and 
providing on-the-fly attribute aggregation. This latter capability permits an application to 
locate a resource, and also offers a scalable way to track sys ... 

Keywords: Aggregation, epidemic protocols, failure detection, gossip, membership, 
publish-subscribe, scalability 



12 An architecture for secure wide-area service discovery 

Todd D. Hodes, Steven E. Czerwinski, Ben Y. Zhao, Anthony D. Joseph, Randy H. Katz 
March 2002 Wireless Networks, volume 8 issue 2/3 
Publisher: Kluwer Academic Publishers 


The widespread deployment of inexpensive communications technology, computational 
resources in the networking infrastructure, and network-enabled end devices poses an 
interesting problem for end users: how to locate a particular network service or device out 
of hundreds of thousands of accessible services and devices. This paper presents the 
architecture and implementation of a secure wide-area Service Discovery Service (SDS). 
Service providers use the SDS to advertise descriptions of available ... 

Keywords: location services, name lookup, network protocols, service discovery 
13 The Ω key management service

Michael K. Reiter, Matthew K. Franklin, John B. Lacy, Rebecca N. Wright
January 1996 Proceedings of the 3rd ACM conference on Computer and communications security

Publisher: ACM Press



1 4 Rev okabje a nd ve Q 
Markus Jakobsson, Moti Yung

January 1996 Proceedings of the 3rd ACM conference on Computer and communications security
Publisher: ACM Press



15 Archite^ Q 
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, Zhenghong Wang 
June 2005 Proceedings of the 32nd Annual International Symposium on Computer Architecture ISCA '05
Publisher: IEEE Computer Society

We propose "secret-protected (SP)" architecture to enable secure and convenient
protection of critical secrets for a given user in an on-line environment. Keys are
examples of critical secrets, and key protection and management is a fundamental
problem, often assumed but not solved, underlying the use of cryptographic protection
of sensitive files, messages, data and programs. SP-processors contain a minimalist set of 
architectural features that can be built into a general-purpose microprocess ... 



16 QMajntegrityi Q 

Marco Casassa Mont, Keith Harrison, Martin Sadler

May 2003 Proceedings of the 12th international conference on World Wide Web

Publisher: ACM Press

Digital information is increasingly more and more important to enable interactions and 
transactions on the Internet. On the other hand, leakages of sensitive information can 
have harmful effects for people, enterprises and governments. This paper focuses on the
problems of dealing with timed release of confidential information and simplifying its
access once public: it is a common issue in the industry, government and day-to-day
life. We introduce the "HP Time Vault Service", based on the emerging ...

Keywords: disclosure policies, identifier-based encryption, privacy, security, timed- 
release, web service 



17 User interface requirements for authentication of communication 
Audun Josang, Mary Anne Patton 

February 2003 Proceedings of the Fourth Australian user interface conference on User 
interfaces 2003 - Volume 18 CRPITS '03 

Publisher: Australian Computer Society, Inc. 

Authentication is a security service that consists of verifying that someone's identity is as 
claimed. There are a number of challenges to presenting information from the 
authentication process to the user in a way that is meaningful and ensures security. We 
show examples where authentication requirements are not met, due to user behaviour 
and properties of existing user interfaces, and suggest some solutions to these problems. 

Keywords: authentication, non-repudiation, security, usability, user interface 



18 Untraceability in mobile networks
Didier Samfat, Refik Molva, N. Asokan 

December 1995 Proceedings of the 1st annual international conference on Mobile 
computing and networking 

Publisher: ACM Press 




Keywords: CDPD, GSM, alias, anonymity, authentication, location privacy, mobility, 
security 
protocols and

Naouel Ben Salem, Jean-Pierre Hubaux, Markus Jakobsson

October 2004 Proceedings of the 2nd ACM international workshop on Wireless mobile applications and services on WLAN hotspots
Publisher: ACM Press

In recent years, wireless Internet service providers (WISPs) have established thousands 
of WiFi hot spots in cafes, hotels and airports in order to offer to travelling Internet users 
access to email, web or other Internet service. However, two major problems still slow 
down the deployment of this kind of networks: the lack of a seamless roaming scheme 
and the variable quality of service experienced by the users. This paper provides a 
response to these two problems: We present a solution that, ... 

Keywords: QoS, WiFi networks, billing, protocols, reputation systems, roaming, security 